Author: sohil.shah(a)jboss.com
Date: 2009-08-10 15:25:11 -0400 (Mon, 10 Aug 2009)
New Revision: 13721
Removed:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossGroupPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalPageACL.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossUserPageACL.java
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/components/ExoRoles.java
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
Log:
Integrating the custom ExoRoles Security Component
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/components/ExoRoles.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/components/ExoRoles.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/components/ExoRoles.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -117,6 +117,8 @@
String roleList = buffer.toString().trim();
roleList = roleList.substring(0, roleList.lastIndexOf(','));
+ try{Thread.currentThread().sleep(10);}catch(Exception e){}
+
String ruleLogic = null;
if(!this.mustMatchAll)
{
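Review bot: The added `Thread.currentThread().sleep(10)` sits in the path that assembles the role rule expression (between building `roleList` and choosing `ruleLogic`), and nothing in the hunk says why a policy-composition step should block for 10 ms; it reads like a debugging or timing workaround and should not ship in a security component without a comment explaining the dependency it papers over. The `catch(Exception e){}` also swallows `InterruptedException`, so a caller trying to cancel the thread loses the interrupt flag. If the delay really is needed, narrow and re-interrupt: `try { Thread.sleep(10); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }` and precede it with a comment naming the race it is waiting out; otherwise drop the line. The enclosing method starts and ends outside the hunk, so I cannot see whether `roleList` can ever lack a comma on the line above (the `lastIndexOf(',')` substring would throw in that case).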
Modified:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/main/java/org/exoplatform/portal/jboss/security/provisioning/ExoPolicyProvisioner.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -151,17 +151,14 @@
readRoles.addName(accessPermission);
}
else
- {
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName("*:"+this.guestGroup);
- context.addPolicyRule(Effect.PERMIT, new Read(), guest,
"allowExpression");
+ {
+ readRoles.addName("*:"+this.guestGroup);
}
}
if(!readRoles.isEmpty())
{
context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
- "allowExpression");
+ "allowExpression");
}
}
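Review bot: Folding the guest group into the same `readRoles` component as the other access permissions changes the policy shape from two PERMIT rules to one, and whether that is equivalent depends on how ExoRoles matches a list — the ExoRoles hunk in this commit shows a `mustMatchAll` flag, and if that mode is ever on, a guest would now need every listed permission plus the guest group instead of just the guest group. The commit also deletes JBossAbstractSharedPageACL, whose `testPageAccessibleByEveryOneAndGuests` and `testPageAccessibleByGuestsOnly` cases exercised exactly this mixed read list, so the regression is no longer covered by a test. At minimum record the assumption next to the new line: `// guest group is merged into readRoles; relies on ExoRoles any-match (mustMatchAll == false)`, and keep or port the guest/everyone ACL tests. The enclosing method and the `readRoles` declaration begin outside the hunk.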
@@ -173,17 +170,18 @@
if(!this.isGuestGroup(editPermission))
{
- writeRoles.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
- "allowExpression");
+ writeRoles.addName(editPermission);
}
else
{
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName("*:"+this.guestGroup);
- context.addPolicyRule(Effect.PERMIT, new Write(), guest,
"allowExpression");
- }
+ //Guest
+ writeRoles.addName("*:"+this.guestGroup);
+ }
+ if(!writeRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
+ "allowExpression");
+ }
}
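Review bot: The guest branch now adds `"*:"+this.guestGroup` to `writeRoles`, and the rule emitted below is `Effect.PERMIT` on `Write`; the deleted test harness shows guest enforcement contexts are built for users with no id and carry both the guest group and `ExoRoles.ANONYMOUS`, so this rule grants edit rights to unauthenticated subjects. That is presumably intended when `editPermission` names the guest group, but it is the kind of grant that deserves a visible marker, e.g. `// editPermission names the guest group: this PERMIT Write rule applies to anonymous subjects`. The new `if(!writeRoles.isEmpty())` guard also looks unreachable as false, since both branches above add a name — unless `addName` can reject input, consider dropping the guard or documenting what empty case it protects. The enclosing method starts outside the hunk.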
//Provision the Policy for this Portal
@@ -227,16 +225,14 @@
}
else
{
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName("*:"+this.guestGroup);
- context.addPolicyRule(Effect.PERMIT, new Read(), guest,
"allowExpression");
+ //GuestGroup
+ readRoles.addName("*:"+this.guestGroup);
}
}
if(!readRoles.isEmpty())
{
context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
- "allowExpression");
+ "allowExpression");
}
}
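Review bot: The only change to the `context.addPolicyRule(... readRoles, "allowExpression")` call at the bottom of this hunk is the re-indentation of the `"allowExpression"` continuation line, and the same whitespace-only churn appears in the other hunks of this file; mixing it into a commit that alters how guest permissions are provisioned makes the security-relevant lines harder to pick out. Keep formatting changes in a separate commit, or at least leave the continuation lines untouched here. The guest-group merge itself mirrors the page-level hunk above and carries the same dependence on ExoRoles any-match semantics; a one-line comment on the `readRoles.addName("*:"+this.guestGroup)` line stating that assumption would help the next reader.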
@@ -248,18 +244,18 @@
if(!this.isGuestGroup(editPermission))
{
- writeRoles.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
- "allowExpression");
+ writeRoles.addName(editPermission);
}
else
{
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName("*:"+this.guestGroup);
- context.addPolicyRule(Effect.PERMIT, new Write(), guest,
"allowExpression");
+ //Guest
+ writeRoles.addName("*:"+this.guestGroup);
}
-
+ if(!writeRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
+ "allowExpression");
+ }
}
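Review bot: The `//Guest` comment above `writeRoles.addName("*:"+this.guestGroup)` restates the branch condition rather than the decision being made; what a maintainer needs to know is that the configured `editPermission` value is discarded and replaced by a wildcard membership on `guestGroup`, which widens the grant to any membership type on that group. I would change the comment to `// guest edit permission is normalised to "*:" + guestGroup (any membership type) before the Write rule is emitted`. This is the second identical write-side block in the file; the enclosing method starts outside the hunk, so I cannot tell whether `writeRoles` is otherwise populated before this point.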
}
else
@@ -310,17 +306,18 @@
if(!this.isGuestGroup(roleName))
{
- roles.addName(roleName);
- context.addPolicyRule(Effect.PERMIT, new Write(), roles,
- "allowExpression");
+ roles.addName(roleName);
}
else
{
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName("*:"+this.guestGroup);
- context.addPolicyRule(Effect.PERMIT, new Write(), guest,
"allowExpression");
+ //Guest
+ roles.addName("*:"+this.guestGroup);
}
+ if(!roles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, new Write(), roles,
+ "allowExpression");
+ }
}
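Review bot: This is the fifth copy of the same guest-or-role branch in the file (read and write for portal config, read and write for pages, and now navigation), each re-implementing the guest-group normalisation by hand, so a future change to how guests are named has five places to go wrong; the variable here is also `roles` where the sibling hunks use `writeRoles`, which makes the copies harder to compare. Extract the branch into one private helper and call it from each site, e.g. `addPermission(roles, roleName)`, so the guest translation lives in exactly one place. The enclosing navigation method starts before the hunk and continues past it into the `USER_TYPE` branch.
```java
/** Adds a configured permission to {@code roles}, translating the guest group to the "*:" + guestGroup form used by the policy rules. */
private void addPermission(ExoRoles roles, String permission)
{
   if(this.isGuestGroup(permission))
   {
      roles.addName("*:"+this.guestGroup);
   }
   else
   {
      roles.addName(permission);
   }
}
// … unchanged: each call site becomes addPermission(roles, roleName) followed by the existing isEmpty() guarded addPolicyRule …
```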
else if(pageNavigation.getOwnerType().equals(PortalConfig.USER_TYPE))
{
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractSharedPageACL.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -1,599 +0,0 @@
-/**
- *
- */
-package org.exoplatform.portal.config.security.jboss;
-
-import java.net.URI;
-import java.util.Collection;
-
-import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.portal.config.model.Page;
-import org.exoplatform.services.security.MembershipEntry;
-
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.components.action.Read;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.exoplatform.portal.jboss.security.components.ExoRoles;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.PolicyMetaData;
-
-/**
- * @author soshah
- *
- */
-public abstract class JBossAbstractSharedPageACL extends
- JBossAbstractTestUserACL
-{
- protected abstract String getOwnerType();
-
- public void testPage() throws Exception
- {
- Page page = new Page();
- page.setName("index");
- page.setOwnerType(this.getOwnerType());
- page.setOwnerId("user");
- page.setAccessPermissions(new String[0]);
-
- this.provisionPagePolicy(page);
- this.dumpPolicyRepository();
-
- // Assert
- if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- else
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), false);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), false);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- }
-
- public void testPageAccessibleByEveryone() throws Exception
- {
- Page page = new Page();
- page.setName("index");
- page.setOwnerType(this.getOwnerType());
- page.setOwnerId("user");
- page.setAccessPermissions(new String[] { "Everyone" });
-
- this.provisionPagePolicy(page);
- this.dumpPolicyRepository();
-
- // Assert
- if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
- else
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), false);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), false);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- }
-
- public void testPageEditableByEveryone() throws Exception
- {
- Page page = new Page();
- page.setName("index");
- page.setOwnerType(this.getOwnerType());
- page.setOwnerId("user");
- page.setAccessPermissions(new String[0]);
- page.setEditPermission("Everyone");
-
- this.provisionPagePolicy(page);
- this.dumpPolicyRepository();
-
- // Assert
- if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- true);
- this.enforce(this.writePageEnforcementContext(this.manager, page), true);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), true);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
- else
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), false);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), false);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- }
-
- public void testPageAccessibleByGuests() throws Exception
- {
- Page page = new Page();
- page.setName("index");
- page.setOwnerType(this.getOwnerType());
- page.setOwnerId("user");
- page.setAccessPermissions(new String[] { "*:" + this.guestGroup_ });
-
- this.provisionPagePolicy(page);
- this.dumpPolicyRepository();
-
- // Assert
- if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
- else
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), false);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), false);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- }
-
- public void testPageEditableByGuests() throws Exception
- {
- Page page = new Page();
- page.setName("index");
- page.setOwnerType(this.getOwnerType());
- page.setOwnerId("user");
- page.setAccessPermissions(new String[0]);
- page.setEditPermission("*:" + this.guestGroup_);
-
- this.provisionPagePolicy(page);
- this.dumpPolicyRepository();
-
- // Assert
- if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), true);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
- else
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), false);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), false);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- }
-
- public void testPageAccessibleByEveryOneAndGuests() throws Exception
- {
- Page page = new Page();
- page.setName("index");
- page.setOwnerType(this.getOwnerType());
- page.setOwnerId("user");
- page.setAccessPermissions(new String[] { "Everyone",
- "*:" + this.guestGroup_ });
-
- this.provisionPagePolicy(page);
- this.dumpPolicyRepository();
-
- // Assert
- if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- true);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
- else
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), false);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), false);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- }
-
- public void testPageAccessibleByGuestsOnly() throws Exception
- {
- Page page = new Page();
- page.setName("index");
- page.setOwnerType(this.getOwnerType());
- page.setOwnerId("user");
- page.setAccessPermissions(new String[] { "*:" + this.guestGroup_ });
-
- this.provisionPagePolicy(page);
- this.dumpPolicyRepository();
-
- // Assert
- if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), true);
- }
- else
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), false);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), false);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- }
-
- public void testPageWithAccessPermission() throws Exception
- {
- Page page = new Page();
- page.setName("index");
- page.setOwnerType(this.getOwnerType());
- page.setOwnerId("user");
- page.setAccessPermissions(new String[] { "*:/manageable" });
-
- this.provisionPagePolicy(page);
- this.dumpPolicyRepository();
-
- if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- else
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), false);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), false);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- }
-
- public void testPageWithEditPermission() throws Exception
- {
- Page page = new Page();
- page.setName("index");
- page.setOwnerType(this.getOwnerType());
- page.setOwnerId("user");
- page.setAccessPermissions(new String[0]);
- page.setEditPermission("*:/manageable");
-
- this.provisionPagePolicy(page);
- this.dumpPolicyRepository();
-
- if(!this.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), true);
- this.enforce(this.writePageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), true);
- this.enforce(this.writePageEnforcementContext(this.user, page), false);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), true);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),
- false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), true);
- this.enforce(this.readPageEnforcementContext(this.user, page), false);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- else
- {
- this.enforce(this.writePageEnforcementContext(this.root, page), false);
- this.enforce(this.writePageEnforcementContext(this.administrator, page), false);
- this.enforce(this.writePageEnforcementContext(this.manager, page), false);
- this.enforce(this.writePageEnforcementContext(this.user, page), true);
- this.enforce(this.writePageEnforcementContext(this.guest, page), false);
-
- this.enforce(this.readPageEnforcementContext(this.root, page), false);
- this.enforce(this.readPageEnforcementContext(this.administrator, page),false);
- this.enforce(this.readPageEnforcementContext(this.manager, page), false);
- this.enforce(this.readPageEnforcementContext(this.user, page), true);
- this.enforce(this.readPageEnforcementContext(this.guest, page), false);
- }
- }
- //
------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Provisioning Phase: Provisions the Policy associated with the "Page". The
- * Policy Structure is created using "Security Components" whose state is
- * populated from state of the Page Object
- *
- *
- * customization feature from the core framework
- */
- private void provisionPagePolicy(Page page) throws Exception
- {
- CompositionContext context = new CompositionContext();
-
- // SetUp Resource
- URIResource target = new URIResource();
- target.setUri(new URI(page.getName()));
- context.setPolicyTarget(target);
-
- if (!page.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- // SuperUser Access
- org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.root.getId()); // Provided via system configuration
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
-
- // Read Access
- if (page.getAccessPermissions() != null
- && page.getAccessPermissions().length > 0)
- {
- ExoRoles readRoles = new ExoRoles();
- String[] accessPermissions = page.getAccessPermissions();
- for (String accessPermission : accessPermissions)
- {
- if (!this.isGuestGroup(accessPermission))
- {
- readRoles.addName(accessPermission);
- }
- else
- {
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName(accessPermission);
- context.addPolicyRule(Effect.PERMIT, new Read(), guest,
- "allowExpression");
- }
- }
- if (!readRoles.isEmpty())
- {
- context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
- "allowExpression");
- }
- }
-
- // Write Access
- String editPermission = page.getEditPermission();
- if (editPermission != null && editPermission.trim().length() > 0)
- {
- ExoRoles writeRoles = new ExoRoles();
-
- if (!this.isGuestGroup(editPermission))
- {
- writeRoles.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
- "allowExpression");
- }
- else
- {
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), guest,
- "allowExpression");
- }
-
- }
- }
- else
- {
- Identity identity = new Identity();
- identity.setName(page.getOwnerId());
- context.addPolicyRule(Effect.PERMIT, identity, identity);
- }
-
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.deploy(policyMetaData);
- }
-
- //
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Read the Page Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext readPageEnforcementContext(User user, Page page)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPageEnforcementContext(user, page);
-
- // Create Action
- context.setAttribute("action", new Read());
-
- return context;
- }
-
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Edit the Portal Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext writePageEnforcementContext(User user, Page page)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPageEnforcementContext(user, page);
-
- // Create Action
- context.setAttribute("action", new Write());
-
- return context;
- }
-
- private EnforcementContext accessPageEnforcementContext(User user, Page page)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Create Resource
- URIResource portalRes = new URIResource();
- portalRes.setUri(new URI(page.getName()));
- context.setAttribute("resource", portalRes);
-
- // Create Identity
- Identity identity = new Identity();
- if (user.getId() != null)
- {
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- // Create Roles
- ExoRoles roles = new ExoRoles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- roles.addName("*:" + this.guestGroup_); // Provided via system
- // configuration
- roles.addName(ExoRoles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- return context;
- }
-}
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/JBossAbstractTestUserACL.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -1,125 +0,0 @@
-/**
- *
- */
-package org.exoplatform.portal.config.security.jboss;
-
-import java.util.Set;
-import java.util.List;
-import java.util.ArrayList;
-
-import org.apache.log4j.Logger;
-
-import org.exoplatform.portal.config.UserACL;
-import org.exoplatform.test.BasicTestCase;
-
-import org.jboss.security.authz.bootstrap.ServiceContainer;
-
-import org.jboss.security.authz.model.Policy;
-
-import org.jboss.security.authz.agent.enforcement.PolicyEnforcementPoint;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.enforcement.EnforcementResponse;
-import org.jboss.security.authz.agent.provisioning.PolicyProvisioner;
-
-import org.jboss.security.authz.agent.services.PolicyComposer;
-
-/**
- * @author soshah
- *
- */
-public class JBossAbstractTestUserACL extends BasicTestCase
-{
- private static Logger log = Logger.getLogger(JBossAbstractTestUserACL.class);
-
- User root, administrator, manager, user, guest;
-
- String navigationCreatorMembershipType_;
- String superuser_;
- String guestGroup_;
- List<String> portalCreatorGroups;
-
-
- PolicyComposer policyComposer;
- PolicyEnforcementPoint enforcer;
- PolicyProvisioner provisioner;
-
- protected void setUp() throws Exception
- {
- ServiceContainer.bootstrap();
- this.policyComposer = (PolicyComposer) ServiceContainer
- .lookup("/agent/PolicyComposer");
- this.enforcer = (PolicyEnforcementPoint) ServiceContainer
- .lookup("/agent/LocalEnforcementPoint");
- this.provisioner = (PolicyProvisioner) ServiceContainer
- .lookup("/agent/LocalPolicyProvisioner");
-
- //via system configuration
- this.navigationCreatorMembershipType_ = "manager";
- this.superuser_ = "root";
- this.guestGroup_ = "/platform/guests";
-
- this.portalCreatorGroups = new ArrayList<String>();
- this.portalCreatorGroups.add("*:/platform/administrators");
- this.portalCreatorGroups.add("*:/organization/management/executive-board");
-
-
- //Setup mock identities
- this.root = new User(this.superuser_);
-
- this.administrator = new User("administrator");
- this.administrator.addMembership("whatever",
"/platform/administrators");
-
- this.manager = new User("manager");
- this.manager.addMembership("manager", "/manageable");
-
- this.user = new User("user");
-
- this.guest = new User(null);
- }
-
- protected void enforce(EnforcementContext enforcementContext, boolean mustBePermitted)
throws Exception
- {
- EnforcementResponse response = this.enforcer.checkAccess(enforcementContext);
-
- assertNotNull(response);
- log.info("-----------------------------------");
- log.info("Decision="+response.getMessage());
-
- if(mustBePermitted)
- {
- assertTrue("Access must be granted!!!", response.isAccessGranted());
- }
- else
- {
- assertFalse("Access must be denied!!!", response.isAccessGranted());
- }
- }
-
- protected void dumpPolicyRepository() throws Exception
- {
- //Assert Policy State of the Server
- Set<Policy> policies = this.provisioner.readAllPolicies();
-
- if(policies != null)
- {
- log.info("------------------------------------------------------------------------------");
- for(Policy storedPolicy: policies)
- {
- log.info(storedPolicy.generateSystemPolicy());
- }
- }
- }
-
- protected boolean isGuestGroup(String groupEntry)
- {
- UserACL.Permission permission = new UserACL.Permission();
- permission.setPermissionExpression(groupEntry);
-
- if(permission.getGroupId().equals(this.guestGroup_))
- {
- return true;
- }
-
- return false;
- }
-}
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossCreatePortalACL.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -1,143 +0,0 @@
-/*
- * Copyright (C) 2003-2007 eXo Platform SAS.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Affero General Public License
- * as published by the Free Software Foundation; either version 3
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not,
see<http://www.gnu.org/licenses/>.
- */
-package org.exoplatform.portal.config.security.jboss;
-
-import java.util.Collection;
-import java.net.URI;
-
-import org.exoplatform.portal.jboss.security.components.CreatePortal;
-import org.exoplatform.portal.jboss.security.components.ExoRoles;
-import org.exoplatform.services.security.MembershipEntry;
-
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.model.Effect;
-
-/**
- * @author soshah
- *
- */
-public class TestJBossCreatePortalACL extends JBossAbstractTestUserACL
-{
- public void testCreatePortal() throws Exception
- {
- this.provisionCreatePortalPolicy();
- this.dumpPolicyRepository();
-
- // Generate an EnforcementContext to see if the superuser and administrator
- // are allowed to create a Portal...Result: They should be
- //this.enforce(this.createPortalEnforcementContext(this.root), true);
- this.enforce(this.createPortalEnforcementContext(this.administrator), true);
- //this.enforce(this.createPortalEnforcementContext(this.guest), false);
-
- // Generate an EnforcementContext to see if a standard manager and a regular
- // user are allowed to create a Portal..Result: They shouldn't be
- //this.enforce(this.createPortalEnforcementContext(this.manager), false);
- //this.enforce(this.createPortalEnforcementContext(this.user), false);
- }
- //
----------------------------------------------------------------------------------------------------------------------------------------------------------------
- private void provisionCreatePortalPolicy() throws Exception
- {
- CompositionContext context = new CompositionContext();
-
- //Using the custom "CreatePortal" "Security Component"
- CreatePortal action = new CreatePortal();
- URIResource resource = new URIResource();
- resource.setUri(new URI(action.getName()));
- context.setPolicyTarget(resource);
-
- // Super User... Supers Users have access to everything
- org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.root.getId());
- context.addPolicyRule(Effect.PERMIT, action, superuser);
-
- // PortalCreators Group....
- if(this.portalCreatorGroups != null && !this.portalCreatorGroups.isEmpty())
- {
- ExoRoles portalCreators = new ExoRoles();
-
- for(String portalCreatorGroup: this.portalCreatorGroups)
- {
- portalCreators.addName(portalCreatorGroup);
- }
-
- context.addPolicyRule(Effect.PERMIT, action, portalCreators,
- "allowExpression");
- }
-
- this.provisioner.deploy(context);
- }
-
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Create a New Portal". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext createPortalEnforcementContext(User user)
- throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- CreatePortal action = new CreatePortal();
-
- // Create Resource
- URIResource resource = new URIResource();
- resource.setUri(new URI(action.getName()));
- context.setAttribute("resource", resource);
-
- // Create Identity
- if(user.getId() != null)
- {
- Identity identity = new Identity();
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- // Create Roles
- ExoRoles roles = new ExoRoles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- roles.addName("*:"+this.guestGroup_); // Provided via system
- // configuration
- roles.addName(ExoRoles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- // Create Action
- context.setAttribute("action", action);
-
- return context;
- }
-}
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossGroupPageACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossGroupPageACL.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossGroupPageACL.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -1,18 +0,0 @@
-/**
- *
- */
-package org.exoplatform.portal.config.security.jboss;
-
-import org.exoplatform.portal.config.model.PortalConfig;
-
-/**
- * @author soshah
- *
- */
-public class TestJBossGroupPageACL extends JBossAbstractSharedPageACL
-{
- public String getOwnerType()
- {
- return PortalConfig.GROUP_TYPE;
- }
-}
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPageNavACL.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -1,222 +0,0 @@
-/*
- * Copyright (C) 2003-2007 eXo Platform SAS.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Affero General Public License
- * as published by the Free Software Foundation; either version 3
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not,
see<http://www.gnu.org/licenses/>.
- */
-package org.exoplatform.portal.config.security.jboss;
-
-import org.exoplatform.portal.config.model.PageNavigation;
-import java.util.Collection;
-import java.net.URI;
-
-import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.services.security.MembershipEntry;
-
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-import org.exoplatform.portal.jboss.security.components.ExoRoles;
-
-/**
- *
- * @author soshah
- *
- */
-public class TestJBossPageNavACL extends JBossAbstractTestUserACL
-{
-
- public void testNavEditByManagerGroup() throws Exception
- {
- PageNavigation nav = new PageNavigation();
- nav.setDescription("testPageNavigation");
- nav.setOwnerType(PortalConfig.GROUP_TYPE);
- nav.setOwnerId("manageable");
-
- this.provisionPageNavigationPolicy(nav);
- this.dumpPolicyRepository();
-
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
- }
-
- public void testNavEditByFooGroup() throws Exception
- {
- PageNavigation nav = new PageNavigation();
- nav.setDescription("testPageNavigation");
- nav.setOwnerType(PortalConfig.GROUP_TYPE);
- nav.setOwnerId("foo");
-
- this.provisionPageNavigationPolicy(nav);
- this.dumpPolicyRepository();
-
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
- }
-
- public void testNavEditByUser() throws Exception
- {
- PageNavigation nav = new PageNavigation();
- nav.setDescription("testPageNavigation");
- nav.setOwnerType(PortalConfig.USER_TYPE);
- nav.setOwnerId("user");
-
- this.provisionPageNavigationPolicy(nav);
- this.dumpPolicyRepository();
-
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), false);
- }
-
- public void testNavEditByGuest() throws Exception
- {
- PageNavigation nav = new PageNavigation();
- nav.setDescription("testPageNavigation");
- nav.setOwnerType(PortalConfig.GROUP_TYPE);
- nav.setOwnerId(this.guestGroup_);
-
- this.provisionPageNavigationPolicy(nav);
- this.dumpPolicyRepository();
-
- this.enforce(this.writePageNavEnforcementContext(this.root, nav), true);
- this.enforce(this.writePageNavEnforcementContext(this.administrator, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.manager, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.user, nav), false);
- this.enforce(this.writePageNavEnforcementContext(this.guest, nav), true);
- }
- //
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Provisioning Phase: Provisions the Policy associated with the
- * "Page Navigation". The Policy Structure is created using
- * "Security Components" whose state is populated from state of the
- * PageNavigation object
- */
- private void provisionPageNavigationPolicy(PageNavigation pageNavigation)
- throws Exception
- {
- // Setup the Context for the Composition with these components
- CompositionContext context = new CompositionContext();
-
- // SetUp Resource
- URIResource target = new URIResource();
- target.setUri(new URI(String.valueOf(pageNavigation.getId())));
- context.setPolicyTarget(target);
-
- // Super User/Everyone (gives access without further evaluation)
- org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.root.getId()); // Provided via system configuration
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
-
- if(pageNavigation.getOwnerType().equals(PortalConfig.GROUP_TYPE))
- {
- ExoRoles roles = new ExoRoles();
- StringBuilder buffer = new
StringBuilder(this.navigationCreatorMembershipType_+":");
- if(pageNavigation.getOwnerId().startsWith("/"))
- {
- buffer.append(pageNavigation.getOwnerId());
- }
- else
- {
- buffer.append("/"+pageNavigation.getOwnerId());
- }
- String roleName = buffer.toString();
-
- if(!this.isGuestGroup(roleName))
- {
- roles.addName(roleName);
- context.addPolicyRule(Effect.PERMIT, new Write(), roles,
- "allowExpression");
- }
- else
- {
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName(roleName);
- context.addPolicyRule(Effect.PERMIT, new Write(), guest,
"allowExpression");
- }
- }
- else if(pageNavigation.getOwnerType().equals(PortalConfig.USER_TYPE))
- {
- Identity identity = new Identity();
- identity.setName(pageNavigation.getOwnerId());
- context.addPolicyRule(Effect.PERMIT, new Write(), identity);
- }
-
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.deploy(policyMetaData);
- }
- //
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request that is
trying to "Edit the Page Navigation Object". The EnforcementContext is populated
with
- * "Security Components" whose state comes from the state of the application
for the incoming thread
- */
- private EnforcementContext writePageNavEnforcementContext(User user, PageNavigation
pageNavigation) throws Exception
- {
- //Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Create Resource
- URIResource portalRes = new URIResource();
- portalRes.setUri(new URI(String.valueOf(pageNavigation.getId())));
- context.setAttribute("resource", portalRes);
-
- // Create Identity
- Identity identity = new Identity();
- if(user.getId() != null)
- {
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- //Create Roles
- ExoRoles roles = new ExoRoles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- roles.addName("*:"+this.guestGroup_); // Provided via system configuration
- roles.addName(ExoRoles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- context.setAttribute("action", new Write());
-
- return context;
- }
-}
\ No newline at end of file
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalConfigACL.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -1,328 +0,0 @@
-/*
- * Copyright (C) 2003-2007 eXo Platform SAS.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Affero General Public License
- * as published by the Free Software Foundation; either version 3
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not,
see<http://www.gnu.org/licenses/>.
- */
-package org.exoplatform.portal.config.security.jboss;
-
-import java.util.Collection;
-import java.net.URI;
-
-import org.exoplatform.portal.config.model.PortalConfig;
-import org.exoplatform.services.security.MembershipEntry;
-
-import org.jboss.security.authz.agent.services.CompositionContext;
-import org.jboss.security.authz.components.resource.URIResource;
-import org.jboss.security.authz.components.subject.Identity;
-import org.exoplatform.portal.jboss.security.components.ExoRoles;
-import org.jboss.security.authz.components.action.Read;
-import org.jboss.security.authz.components.action.Write;
-import org.jboss.security.authz.model.Effect;
-import org.jboss.security.authz.model.PolicyMetaData;
-import org.jboss.security.authz.agent.enforcement.EnforcementContext;
-
-/**
- *
- * @author soshah
- *
- */
-public class TestJBossPortalConfigACL extends JBossAbstractTestUserACL
-{
-
- public void testPortalRootAccessOnly() throws Exception
- {
- PortalConfig portal = new PortalConfig();
- portal.setName("foo");
- this.provisionPortalConfigPolicy(portal);
-
- this.dumpPolicyRepository();
-
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal),
- false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
-
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this
- .enforce(this.readPortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
- }
-
- public void testPortalOnlyReadAccess() throws Exception
- {
- PortalConfig portal = new PortalConfig();
- portal.setName("foo");
- portal.setAccessPermissions(new String[] { "manager:/manageable" });
- this.provisionPortalConfigPolicy(portal);
-
- this.dumpPolicyRepository();
-
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.manager, portal),
- false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
-
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
- }
-
- public void testPortalEditableAndReadImplied() throws Exception
- {
- PortalConfig portal = new PortalConfig();
- portal.setName("foo");
- portal.setEditPermission("manager:/manageable");
- this.provisionPortalConfigPolicy(portal);
-
- this.dumpPolicyRepository();
-
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this
- .enforce(this.writePortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
-
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
- }
-
- public void testPortalReadAndEditableExplicit() throws Exception
- {
- PortalConfig portal = new PortalConfig();
- portal.setName("foo");
- portal.setAccessPermissions(new String[] { "manager:/manageable" });
- portal.setEditPermission("manager:/manageable");
-
- this.provisionPortalConfigPolicy(portal);
-
- this.dumpPolicyRepository();
-
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this
- .enforce(this.writePortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), false);
-
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), false);
- }
-
- public void testGuestAllowedEdit() throws Exception
- {
- PortalConfig portal = new PortalConfig();
- portal.setName("foo");
- portal.setEditPermission("*:"+this.guestGroup_);
- this.provisionPortalConfigPolicy(portal);
-
- this.dumpPolicyRepository();
-
- this.enforce(this.writePortalEnforcementContext(this.root, portal), true);
- this.enforce(
- this.writePortalEnforcementContext(this.administrator, portal), false);
- this
- .enforce(this.writePortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.user, portal), false);
- this.enforce(this.writePortalEnforcementContext(this.guest, portal), true);
-
- this.enforce(this.readPortalEnforcementContext(this.root, portal), true);
- this.enforce(this.readPortalEnforcementContext(this.administrator, portal),
- false);
- this.enforce(this.readPortalEnforcementContext(this.manager, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.user, portal), false);
- this.enforce(this.readPortalEnforcementContext(this.guest, portal), true);
- }
- //
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Provisioning Phase: Provisions the Policy associated with the "Portal".
The
- * Policy Structure is created using "Security Components" whose state is
- * populated from state of the PortalConfig object
- */
- private void provisionPortalConfigPolicy(PortalConfig portal)
- throws Exception
- {
- CompositionContext context = new CompositionContext();
-
- // SetUp Resource
- URIResource target = new URIResource();
- target.setUri(new URI(portal.getName()));
- context.setPolicyTarget(target);
-
- // Super User/Everyone (gives access without further evaluation)
- org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
- superuser.setName(this.root.getId()); // Provided via system configuration
- context.addPolicyRule(Effect.PERMIT, new Write(), superuser);
-
- // Read Access
- if (portal.getAccessPermissions() != null
- && portal.getAccessPermissions().length > 0)
- {
- ExoRoles readRoles = new ExoRoles();
- String[] accessPermissions = portal.getAccessPermissions();
- for (String accessPermission : accessPermissions)
- {
- if(!this.isGuestGroup(accessPermission))
- {
- readRoles.addName(accessPermission);
- }
- else
- {
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName(accessPermission);
- context.addPolicyRule(Effect.PERMIT, new Read(), guest,
"allowExpression");
- }
- }
- if(!readRoles.isEmpty())
- {
- context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
- "allowExpression");
- }
- }
-
- // Write Access
- String editPermission = portal.getEditPermission();
- if (editPermission != null && editPermission.trim().length() > 0)
- {
- ExoRoles writeRoles = new ExoRoles();
-
- if(!this.isGuestGroup(editPermission))
- {
- writeRoles.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
- "allowExpression");
- }
- else
- {
- // Guest Group
- ExoRoles guest = new ExoRoles();
- guest.addName(editPermission);
- context.addPolicyRule(Effect.PERMIT, new Write(), guest,
"allowExpression");
- }
-
- }
-
- // Store the policy into the Policy Server
- PolicyMetaData policyMetaData = this.policyComposer.compose(context);
- this.provisioner.deploy(policyMetaData);
- }
-
- //
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Read the Portal Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext readPortalEnforcementContext(User user,
- PortalConfig portal) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPortalEnforcementContext(user,
- portal);
-
- // Create Action
- context.setAttribute("action", new Read());
-
- return context;
- }
-
- /**
- * Enforcement Phase: Creates an EnforcementContext for an incoming request
- * that is trying to "Edit the Portal Object". The EnforcementContext is
- * populated with "Security Components" whose state comes from the state of
- * the application for the incoming thread
- */
- private EnforcementContext writePortalEnforcementContext(User user,
- PortalConfig portal) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = this.accessPortalEnforcementContext(user,
- portal);
-
- // Create Action
- context.setAttribute("action", new Write());
-
- return context;
- }
-
- private EnforcementContext accessPortalEnforcementContext(User user,
- PortalConfig portal) throws Exception
- {
- // Create an EnforcementContext
- EnforcementContext context = new EnforcementContext();
-
- // Create Resource
- URIResource portalRes = new URIResource();
- portalRes.setUri(new URI(portal.getName()));
- context.setAttribute("resource", portalRes);
-
- // Create Identity
- Identity identity = new Identity();
- if (user.getId() != null)
- {
- identity.setName(user.getId());
- context.setAttribute("identity", identity);
- }
-
- // Create Roles
- ExoRoles roles = new ExoRoles();
- Collection<MembershipEntry> memberships = user.getMemberships();
- if (memberships != null && !memberships.isEmpty())
- {
- for (MembershipEntry membership : memberships)
- {
- roles.addName(membership.toString());
- }
- }
- else
- {
- // Check to see if this is guest access
- if (user.getId() == null)
- {
- // This is a guest user
- roles.addName("*:"+this.guestGroup_); // Provided via system
- // configuration
- roles.addName(ExoRoles.ANONYMOUS);
- }
- }
- roles.addName("Everyone");
- context.setAttribute("roles", roles);
-
- return context;
- }
-}
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalPageACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalPageACL.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossPortalPageACL.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -1,18 +0,0 @@
-/**
- *
- */
-package org.exoplatform.portal.config.security.jboss;
-
-import org.exoplatform.portal.config.model.PortalConfig;
-
-/**
- * @author soshah
- *
- */
-public class TestJBossPortalPageACL extends JBossAbstractSharedPageACL
-{
- public String getOwnerType()
- {
- return PortalConfig.PORTAL_TYPE;
- }
-}
Deleted:
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossUserPageACL.java
===================================================================
---
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossUserPageACL.java 2009-08-10
19:22:05 UTC (rev 13720)
+++
jbossexo/branches/security-integration-sandbox/portal/trunk/component/portal/src/test/java/org/exoplatform/portal/config/security/jboss/TestJBossUserPageACL.java 2009-08-10
19:25:11 UTC (rev 13721)
@@ -1,18 +0,0 @@
-/**
- *
- */
-package org.exoplatform.portal.config.security.jboss;
-
-import org.exoplatform.portal.config.model.PortalConfig;
-
-/**
- * @author soshah
- *
- */
-public class TestJBossUserPageACL extends JBossAbstractSharedPageACL
-{
- public String getOwnerType()
- {
- return PortalConfig.USER_TYPE;
- }
-}